Start Date
11-8-2016
Description
An online-persona is a social identity internet users establish through participation in social networking sites, websites, and online communities. An individual’s online-persona creates a vulnerability for the organizations that employ them, since these online-personas are not under a firm’s control. The IS literature has established that employees are the greatest security risk to an organization; research has addressed employee risk by investigating the need for information security policies addressing compliance, unethical use of a firm’s IT resources, and risk associated with infection (i.e., malware, viruses, etc.). However, to date, the literature has not examined risks introduced by the creation of employee online-personas. The goal of our research is to develop and test a model of target-selection factors used by cyber-criminals when choosing a target for attack from the available population of online-personas, thus, enabling firms to implement policies that reduce risk of cyberattacks against themselves and their employees.
Recommended Citation
Booth, Ruby; Richardson, Sandra; and Simon, Judith, "Security Risks Related to Employee “Extra-Role” Creation of an “Online-persona”" (2016). AMCIS 2016 Proceedings. 28.
https://aisel.aisnet.org/amcis2016/ISSec/Presentations/28
Security Risks Related to Employee “Extra-Role” Creation of an “Online-persona”
An online-persona is a social identity internet users establish through participation in social networking sites, websites, and online communities. An individual’s online-persona creates a vulnerability for the organizations that employ them, since these online-personas are not under a firm’s control. The IS literature has established that employees are the greatest security risk to an organization; research has addressed employee risk by investigating the need for information security policies addressing compliance, unethical use of a firm’s IT resources, and risk associated with infection (i.e., malware, viruses, etc.). However, to date, the literature has not examined risks introduced by the creation of employee online-personas. The goal of our research is to develop and test a model of target-selection factors used by cyber-criminals when choosing a target for attack from the available population of online-personas, thus, enabling firms to implement policies that reduce risk of cyberattacks against themselves and their employees.